Step 3: Secure Elasticsearch

You need to secure access to your remote Elasticsearch instance with a username and password. We recommend securing your remote Elasticsearch instance with a security plugin that requires anyone connecting to it provides authentication credentials. Atlassian provides a free plugin called Buckler for this purpose. Bitbucket Server also supports authentication to Elasticsearch through other plugins that provide basic authentication, like Elastic's Shield plugin.

Create a directory called buckler within the elasticsearch/config/ directory.

Within the elasticsearch/config/buckler directory, create a file named buckler.yml.

When installing using rpm or deb file

The location of your configuration directory varies depending on how you installed Elasticsearch. For rpm/deb installations the location is typically in /etc/elasticsearch

if the file is placed in the wrong location Buckler does not enforce any permissions, so your instance/cluster is not secure.

Enable Buckler: at this point there are no configuration properties within buckler.yml, so the features of the Buckler plugin are disabled.

To enable the Buckler for basic HTTP authentication, you add these properties to the file, creating a username and password that Bitbucket will use to access Elasticsearch (configured in a later step).

Step 4: Connect Elasticsearch to Bitbucket

Once you've configured your Elasticsearch instance you then need to connect it to Bitbucket.

To configure your remote Elasticsearch instance using the bitbucket.properties file

Once a parameter is set in the bitbucket.properties file, it cannot be edited later from the admin UI. Any changes that need to be made to the Elasticsearch configuration must be made within the bitbucket.properties file.

Locate the bitbucket.properties file in the <Bitbucket home directory>/shared directory.